More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.
The research observed a considerable increase in email-based attacks globally in 2021 compared with 2020. More than three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.
The study of 600 information and IT security professionals and 3500 employees in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.
Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with close to a third (32%) paying additional sums to regain access to data and systems.
Proofpoint researchers believe the increased volume and success rate of these attacks are linked to the ongoing shift to hybrid working in 2021, continuing from the previous year. More than half of workers in 81% of organizations worked remotely last year. However, only 37% of organizations educate employees about best practices for remote working. This lack of training appears to be leading to significant security lapses; for example, only 60% of employees said their home network is password protected, while 42% admitted taking a dangerous action in 2021, such as clicking a malicious link or exposing their personal data or login credentials.
In addition, only around half (53%) of employees were able to correctly identify the definition of ‘phishing’ from a set of multiple-choice options, which is a sizeable fall from 63% in 2020.
UK-based organizations were particularly heavily targeted by email-based attacks, according to the report. For example, 84% faced at least one email-based ransomware attack, 81% experienced one or more BEC attacks and 78% dealt with at least one ransomware infection stemming from a direct email payload.
Alan Lefort, SVP and GM of security awareness training for Proofpoint, commented: “Where 2020 taught us about the need to be agile and responsive in the face of change, 2021 taught us about the need to better protect ourselves.
“As email stays the favored attack process for cyber-criminals, there is obvious value in making a culture of security. In this evolving threat landscape and as work-from-anyplace becomes commonplace, it is critical that organizations empower their people and support their efforts to study and use new cyber capabilities, both at work and at home.”